Besides its traditional bot and mining activities, the malware comes with a variety of functionalities allowing it to steal credentials, remove security controls, spread via emails, move laterally, etc.
The attacks involved the exploitation of Microsoft Exchange Server vulnerabilities, the deployment of the China Chopper web shell, and the use of Mimikatz to collect credentials.
The official website for booking COVID-19 vaccinations was unavailable for several hours on Sunday preventing citizens from booking appointments for a coronavirus vaccine.
Dubbed GhostEmperor, the threat actor has been observed using a never-before-seen Windows kernel-mode rootkit.
Researchers discovered more than 30 command-and-control servers under control of APT29 that were delivering WellMess.
The hackers are believed to have had access to compromised accounts from approximately May 7 to December 27, 2020.
The agency advises to avoid connecting to public Wi-Fi, and use a corporate or personal Wi-Fi hotspot with strong authentication and encryption whenever possible.
The attackers claim they encrypted the company’s files, including 1TB of personal data, financial reports and other documents.
The Meteor wiper was developed in the past three years and seems to be designed for reuse in multiple campaigns.
The threat actor used alluring social media persona to infect the machine of an employee of the US aerospace defense contractor with the LEMPO malware.
Showing elements 2921 - 2930